Wowee. Look at this server. Definitely keep critical data in there. Yup

Tech laces networks with decoys to contain breaches

Israel-based Illusive Networks claims that its approach of planting poison-pill servers in a network can detect incoming attacks faster than any other method.

At the startup's Tel-Aviv office, CEO and founder Ofer Israeli told a visiting press group that his technology is a post-breach mechanism. It automatically learns the topology of a customer's network and plants details of phoney servers and shared resources.

In a typical attack, a hacker might penetrate the network and gain privileges needed to move from node to node. Then they will move across the network to identify the target's location.

Illusive Networks places extra network destinations and shares inside a server's deep data stores. An attacker lands on a decoy and looks where to go next, finding a mix of real and phoney destinations, which all look genuine.

By having enough fake destinations, attackers will eventually land on one or more of them. As soon as they do, the software knows it's a real penetration attempt and alerts network managers so that a response team can then deal with the attack.

Real users do not see the fake network addresses as they are planted deep in a server's system data stores and will only be accessed by attackers looking for network topology data so as to progress their attack.

It works on-premises or in a public cloud. Israeli said: "We are deployed across a bank which is completely a cloud bank."

The software can work on Windows servers and workstations, Macs, and Linux servers but not Unix ones, although Unix support is coming. There is a recent mainframe protection product which involves planting deception sites around mainframes rather than working in the mainframes directly.

The software does not work on network switches but will do so in future. Cisco is a strategic investor.

Illusive can provide risk analysis services. "We can provide risk analysis of attacks to organisations so they can respond appropriately," Israeli said. "We can show which attacks are closest to your critical data and prioritise them."

Business is picking up. The firm had a run rate in the high single-digit millions in 2016 and has grown fast since then. Its business model is based on annual subscriptions

There are around 65 employees in Israel and the US, and the firm has taken in just over $30m in funding since it was founded in 2014. Citibank and Microsoft are also strategic investors.

Business is particularly good in the banking and finance sector, with the Bangladesh SWIFT attack acting as a wake-up call.

"It's an ongoing thing," Israeli said. "Companies will never be safe. Attackers are always developing new methods." ®

Other stories you might like

Biting the hand that feeds IT © 1998–2022